Paul Gilmartin wrote, re FPE being ASCII-EBCDIC transparent: >I'm astonished that's possible (but it can't be proven impossible). Suppose I >change
>x'C1' to x'41' in the clear text (in fact, only a single bit change). With >strong encryption >that must change numerous bits in the encrypted text (ideally about half). >But IIRC >you've said elsewhere that performing an EBCDIC=>ASCII translation, >byte-by-byte, >on the encrypted text does the same for the decrypted text. >(Can you cite an example? Format-preserving data protection uses specific alphabets. So if "Paul" protects to "Abcd" in ASCII, "Paul" in EBCDIC protects to "Abcd" in EBCDIC. Thus you can translate "Abcd" from one encoding to the other and decrypt. So obviously this means that a given FPE operation has to have an alphabet associated with it, and convert internally to a common format. For 7-bit US-ASCII and code page 1047, this is trivial. For other code pages, it's doable but requires a bit more work. The excitement comes if you have a complex alphabet defined in UTF-8 land: say, a mixture of Cyrillic and Greek characters. In UTF-8, that works fine. But those are different EBCDIC code pages, sharing the same 256-byte space, so you *cannot* use such a format in EBCDIC-land. If you have an alphabet comprising *just* Cyrillic or *just* Greek, you can happily use that: convert EBCDIC input (which you of course must tell the system is the right Cyrillic or Greek code page) to UTF-8, encrypt or decrypt, convert back. Since a user cannot really have mixed Cyrillic and Greek data in a single EBCDIC field (at least, not without something VERY strange, with additional metadata), this works fine. >(How about, e.g. IBM-1154<=>UTF-8?) That's a Cyrillic page, yes? If ICONV/ICU handles the conversion, it's trivial. If not, then it's harder. But since any EBCDIC code page surely maps to UTF-8, I think it should work; it's only the other way that causes problems (10lb in 5lb sack dept). I haven't mentioned DBCS, because I think it's pretty well dead. But I think ICONV and/or ICU on z/OS handle it; if so, it should also Just Work. Obviously I haven't tried it. .phsiii ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
